Hi all,
I want to write a port scanner using C. In the past I've developed a port scanning program using the TCP connect technique. Now I want to develop a port scanner using the TCP SYN scanning technique. Are there any libraries for making the half-open connection? I would be very thankful for any guidelines.

Thanks for your time.

03-22-2009

neandrake

I doubt you're going to find help here. While port-scanning internal networks can be legal, tools exist to do such auditing, and there shouldn't be a need for you to build your own.

03-22-2009

iMalc

As said, you will not get help to build questionably legal tools here. Regardless of what you would use the knowledge for, there are others who would see it and use it for other purposes.

03-22-2009

Snafuist

It is my strong belief that access to information should be unrestricted and free (free as in free beer). There's no sense in restricting possibly harmful information for two reasons:
1) If someone really wants to know how to do it, he'll find out. He had better learn it from us.
2) If an attacker is able to do harm to a system, it is the system's fault.

Besides, one can learn a lot about TCP while writing a SYN "stealth" scanner. Anyway: fssp, I doubt that there are libraries to send SYN requests. Also, you can't use connect(), as it will do the whole 3-way handshake for you. If your operating system supports raw sockets, use them to send a handcrafted TCP SYN request to the target host. You will have to construct the TCP header yourself, so have a look at the corresponding RFC. Felix wrote a tiny "proof-of-concept" tutorial about SYN scans; unfortunately it's written in German, but the source code's comments are in English: http://www.zotteljedi.de/documents/Q...synscan.c.html. You won't understand it though, unless you're deeply familiar with the TCP protocol.

For a real life example, you may want to have a look at the nmap source code. It used to be a horrible mess, but I've been told that it has been rewritten during the 2007 Google Summer of Code.

Note that SYN scans are likely to be detected by even the simplest IDS, and that the system administrator may very well claim that you had a criminal intent as you were trying to hide the attack. Furthermore, it may be illegal in your country to do any sort of port scanning (a rather funny security measure). For experiments, try "nmap -sS -vv <target>" and use a packet analyzer to see what it does. Somewhere on the nmap website you'll also find a good tutorial about (slightly outdated) scanning techniques in general.

Greets,
Philip
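Snafuist's remark that a SYN scan is caught by even the simplest IDS comes down to one observable: a source that sends initial SYNs to many ports and never sends the ACK that would complete the handshake. As an added example (not code from this thread, from Felix's tutorial or from nmap), here is a minimal detector in C that applies that rule to constructed segment records; the record layout, the five-port threshold and the sample addresses are assumptions for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* One observed TCP segment, reduced to the fields a half-open detector needs
   (constructed records for illustration; this is not packet-capture code). */
typedef struct { const char *src; uint16_t dport; bool syn, ack; } segment_t;
#define MAX_PORTS     64
#define SYN_THRESHOLD 5  /* distinct half-open ports from one source before alerting */
static bool has_port(const uint16_t *set, size_t n, uint16_t port)
{
    for (size_t i = 0; i < n; i++) if (set[i] == port) return true;
    return false;
}
/* Distinct ports to which `src` sent a bare SYN but never the completing ACK. */
int half_open_ports(const segment_t *segs, size_t n, const char *src)
{
    uint16_t syns[MAX_PORTS], acks[MAX_PORTS];
    size_t ns = 0, na = 0;
    for (size_t i = 0; i < n; i++) {
        uint16_t p = segs[i].dport;
        if (strcmp(segs[i].src, src) != 0) continue;
        if (segs[i].syn && !segs[i].ack && ns < MAX_PORTS && !has_port(syns, ns, p))
            syns[ns++] = p;                  /* initial SYN: handshake pending */
        else if (segs[i].ack && !segs[i].syn && na < MAX_PORTS)
            acks[na++] = p;                  /* client's final ACK: handshake done */
    }
    int count = 0;
    for (size_t i = 0; i < ns; i++) if (!has_port(acks, na, syns[i])) count++;
    return count;
}
/* A source leaving SYN_THRESHOLD or more handshakes half-open is flagged as a scan. */
bool looks_like_syn_scan(const segment_t *segs, size_t n, const char *src)
{
    return half_open_ports(segs, n, src) >= SYN_THRESHOLD;
}

/* Constructed sample: 10.0.0.5 bare-SYNs five ports; 10.0.0.7 completes its handshakes. */
const segment_t SAMPLE[] = {
    {"10.0.0.5", 21, true, false}, {"10.0.0.5", 22, true, false}, {"10.0.0.5", 23, true, false},
    {"10.0.0.5", 25, true, false}, {"10.0.0.5", 80, true, false}, {"10.0.0.7", 80, true, false},
    {"10.0.0.7", 80, false, true}, {"10.0.0.7", 443, true, false}, {"10.0.0.7", 443, false, true},
};
const size_t SAMPLE_N = sizeof SAMPLE / sizeof SAMPLE[0];
int main(void)
{
    printf("10.0.0.5: %d half-open ports, syn_scan=%d\n", half_open_ports(SAMPLE, SAMPLE_N, "10.0.0.5"),
           (int)looks_like_syn_scan(SAMPLE, SAMPLE_N, "10.0.0.5"));
    return 0;
}
```

A real sensor would key the same bookkeeping on (source, destination, port) and age entries out over a time window, which is where tools like nmap's slower timing options try to stay under the threshold.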

03-22-2009

neandrake

Quote:

It is my strong belief that access to information should be unrestricted and free (free as in free beer). There's no sense in restricting possibly harmful information for two reasons:

We are not denying or restricting him information, but saying that he is unlikely to find help here. This information can be found in numerous places.

Quote:

1) If someone really wants to know how to do it, he'll find out.

My point exactly. If you're going to learn at this depth, then should you really be asking a place that mostly deals in helping learn a language? Should he earn the right to this information or should we just give it to him (or her)?

Quote:

2) If an attacker is able to do harm to a system, it is the system's fault.

According to this logic, then it's the monetary system's fault that so many US wall-street bankers abused and harmed it, unwatched.

03-23-2009

Snafuist

Quote:

Originally Posted by neandrake

If you're going to learn at this depth, then should you really be asking a place that mostly deals in helping learn a language?

His choice of the place was a bit unfortunate. He should have asked in the networking section of this forum.

Quote:

Should he earn the right to this information or should we just give it to him (or her)?

Just give it to him/her. For me to give answers, one doesn't need to earn a right. One may lose the right by making me unhappy.

Quote:

According to this logic, then it's the monetary system's fault that so many US wall-street bankers abused and harmed it, unwatched.

No, it's the legislature's fault for allowing questionable techniques instead of making them illegal. If this answer doesn't completely satisfy you, then it's the people's fault for giving their money to inapt bankers. Furthermore, the money isn't gone, it just changed its owner... Either way, the bankers can't be blamed for legal behavior which rewarded them in the short term.

If you feel threatened by the possibility that some newbie may do harm to your system by sending you some SYN requests, then who's to blame? If you leave your front door visibly open, would you blame the thief for stealing your stereo? I wouldn't.

Greets,
Philip

03-23-2009

laserlight

Okay, looks like the help given is reasonably sufficient for such a sensitive topic, so I am closing this thread.